25 matches found
EUVD-2019-19304
Malware in sbrugna...
EUVD-2022-28101
Malicious code in bioql PyPI...
EUVD-2022-28103
Malicious code in bioql PyPI...
CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files...
CVE-2020-25765
Addressed remote code execution vulnerability in regdevice.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140...
CVE-2022-22992
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...
CVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...
CVE-2022-36326
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices
Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...
CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation...
CVE-2022-22999 Cross-site Scripting Vulnerability in USB Backups App
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...
CVE-2022-22992
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input...
CVE-2022-22992
CVE-2022-22992 describes a command-injection remote code execution on Western Digital My Cloud devices. The vulnerability arises from improper handling of user-provided input that is used in shell calls, with the fix noted as escaping individual arguments to shell functions. Reported impacts incl...
PT-2022-15762 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Devices affected versions not specified Description: A command injection remote code execution issue was discovered that could allow an attacker to execute arbitrary system commands on the device. The issue was...
CVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...
CVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...
CVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...
Authentication flaw
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts...
CVE-2022-22990
CVE-2022-22990 is a limited authentication bypass affecting Western Digital My Cloud devices. Multiple sources describe a vulnerability where an attacker could bypass authentication to trigger remote code execution and privilege escalation. The root cause is tied to improper access control, with ...
CVE-2020-25765
Addressed remote code execution vulnerability in regdevice.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140...